Privacy Policy

Zero Data RetentionNo Model TrainingSingle-Tenant DeploymentPer-User Data Isolation

Clevermore is an AI-powered productivity tool for legal professionals that extracts tasks, builds knowledge bases, and maintains contact profiles from email content. Because we operate in a profession where client confidentiality is a non-negotiable obligation, our architecture is designed around the three duties that define that obligation: secrecy, security, and loyalty.

Confidentiality by Design

Clevermore's privacy architecture is structured around the three dimensions of professional confidentiality:

  • Secrecy -- Your data is never retained by AI providers, never used for model training, and never surfaces in outputs served to others. Each AI interaction is stateless.
  • Security -- Single-tenant deployment within your firm's own Azure infrastructure. AES-256 encryption at rest, TLS 1.3 in transit, OAuth2 authentication via Microsoft identity. No intermediary data storage.
  • Loyalty -- Per-user data isolation at the database level prevents cross-client contamination. Zero-retention AI processing means no context carries over between sessions or users.

How Your Data Flows

The diagrams below illustrate how your data moves through the system in each deployment mode. Green checkmarks indicate where zero data retention policies are enforced.

On-Prem

Secure Gateway

Clevermore acts as an orchestration layer, not a data warehouse. Email content flows directly from Microsoft Graph to AI processing and back.

Information We Collect

What We Collect

  • Extension preferences -- Your settings and configuration choices
  • Feedback and debug information -- if you choose to send it

What We Don't Collect

  • Email content or messages
  • Information about your contacts
  • Browsing history
  • Financial or health information
  • Location data

How Your Data Is Processed

Email Processing

Your email content is processed using one of two privacy-safe methods:

  • Default Mode -- Uses our authentication proxy that handles only credentials, never email content
  • Bring Your Own Key Mode -- Connects directly to AI services using your personal API keys

In both modes:

  • Processing is stateless -- no prompts, inputs, or outputs are logged or retained
  • No human review of your data occurs at any stage of processing
  • Email content flows from Microsoft Graph to AI services and back without intermediate storage
  • Extracted tasks and insights are saved to your secure, isolated account

Third-Party Services

Microsoft Graph API

  • Accesses your emails, calendar, and contacts with your permission
  • Only authentication tokens are shared via OAuth2

AI Services

  • Analyze emails to extract tasks and generate insights
  • All AI providers are configured with zero data retention policies
  • No prompts, inputs, or outputs are stored, logged, or used for training
  • No human review of inputs or outputs occurs on the provider side
  • All communication uses TLS 1.3 encrypted connections

Data Storage

All processed data (tasks, contacts, settings, knowledge base entries) is stored within your firm's own Azure infrastructure with the following protections:

Single-Tenant Architecture

  • Each firm's deployment runs on dedicated Azure infrastructure -- no shared databases, no shared compute
  • Data is encrypted at rest using AES-256, the standard used by financial institutions and government agencies
  • All data transmission uses TLS 1.3 encryption
  • Your firm's data is physically separated from every other organization's data

Per-User Data Isolation

  • Each user's data is partitioned at the database level using unique identity keys
  • One user's extracted insights, contact profiles, and knowledge base entries are inaccessible to other users
  • This architectural isolation prevents cross-client data contamination -- a structural safeguard against conflicts
  • Authentication via Microsoft identity ensures only authorized users access their own data

Data Retention

  • Your data remains until you choose to delete it
  • Delete specific items or all data at any time through the application
  • Authentication tokens are managed securely and refreshed as needed
  • Account deletion removes all associated data

Your Rights and Controls

You have complete control over your data:

  • Access -- View all stored data through the application interface.
  • Export -- Download your data at any time.
  • Delete -- Clear specific data or remove everything through the application.
  • Revoke -- Remove Microsoft account access or API keys instantly.
  • Choose -- Select your preferred AI service and processing preferences.

Security

Security is implemented at every layer of the architecture:

  • Authentication -- OAuth2 via Microsoft identity platform with on-behalf-of token flow. No passwords stored, no separate credential systems.
  • Encryption at rest -- AES-256 encryption for all stored data in Azure PostgreSQL.
  • Encryption in transit -- TLS 1.3 for all data transmission between components.
  • Infrastructure isolation -- Single-tenant Azure deployment with dedicated resources per firm.
  • Stateless AI processing -- No prompt logging, no input/output retention, no human review at the provider level.

Compliance

Clevermore complies with:

  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • Microsoft Graph API Terms of Service
  • AI service provider terms and conditions

Updates to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. When we do:

  • The "Effective Date" will be updated
  • Significant changes will be communicated through the application
  • Continued use after changes constitutes acceptance

Contact Us

For privacy questions, security documentation, or vendor review materials, contact us at security@clevermore.ai.

This privacy policy reflects our commitment to protecting client confidentiality across the three dimensions that matter: secrecy, security, and loyalty.

* AI services include but are not limited to Google Vertex AI and OpenAI.